Thanks, On our older infrastrcture if we wanted to scale out we just copied the ssldir and changed the filenames to the FQDN of the new master server. certdnsnames would be wildcarded.
Now using 2.7.9 how do we do certificates so we could scale out horizontally from behind this loadbalancer ? Tring this approach leads now to this:- # puppet cert --list --all warning: The `certdnsnames` setting is no longer functional, after CVE-2011-3872. We ignore the value completely. For your own certificate request you can set `dns_alt_names` in the configuration and it will apply locally. There is no configuration option to set DNS alt names, or any other `subjectAltName` value, for another nodes certificate. Alternately you can use the `--dns_alt_names` command line option to set the labels added while generating your own CSR. - <CLIENT FQDN> (FA:C4:68:C1:30:E2:95:9E:48:AB:ED:E4:A7:BF:3F:19) (certificate signature failure) Going around in circles somewhat trying to get a modern puppet setup with a potential to scale horizontally. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
